GRID SECURITY

1
GRID SECURITY

• Caglar Oner

2
Grid Computing

• Grid Computing
• Sharing, integration and coordinated use of
  diverse resources and services under multiple
  control domains or simply in distributed Virtual
  Organizations
• Virtual Organization
• A group of individuals/resources/institutions
  united by a common purpose but may not
  necessarily located in a single administrative
  domain.

3
The Grid Security Problem

• Main Challenge
• Establishing a secure relationship not only
  between a client and a server but also between
  hundreds of processes and resources under
  different administrative domains (VOs)
• While maintaining basic network security features
  such as
• Unauthorized access
• Tampered information
• Man in the middle attacks

4
Easy? Didnt think so

• What makes it even more difficult is the distinct
  characteristic of the grid
• Distinctive characteristic
• Diverse local mechanisms Interoperate with
  existing security mechanisms
• Dynamic creation of services Users creating new
  services without any administrator intervention
• Dynamic creation of trust domains Establish
  trust not only among user-resources within a VO
  but also within multiple dynamic organizations

5
Globus Grid Security Infrastructure

• Globus
• Is an open source software toolkit used for
  building Grid systems and applications
• Grid Security Infrastructure
• Is the name given to the part of Globus which
  deals with security functionality

6
GT2 Grid Security Model

• Distinct characteristic of the grid and how GSI
  handles it
• Diverse Site Security Mechanisms
• Dynamic Creation of entities and granting
  privileges to these entities
• Dynamic Creation and management of overlaid trust
  domains

7
Diverse Site Security Mechanisms

• GSI uses
• X.509 Certificate Every user and service on the
  Grid is uniquely identified and authenticated via
  this certificate
• Contains
• Subject name
• Public key
• The identity of a CA and the digital signature of
  the CA
• TLS, SSL Is used to perform mutual
  authentication and then provide message
  protection (encryption, integrity checking)

8
Advantages

• Gateways can be used for translation from one
  scheme to other
• For Example Kerberos Certificate Authority and
  SSLK5/PKINIT can be used to translate to GSI
• Keep the existing scheme
• Certificate Authority eases the establishment of
  a trust (unilaterally)
• For example A single entity can decide to trust
  a CA or not without involving the organization as
  a whole
• This become more apparent when the organization
  is not fully involved

9
Dynamic creation of entities granting of
privileges

• Single Sign-on Delegation
• For Example each time a resource wants to use
  another resource it will need to authenticate.
• Send the private key to resource (not a good
  idea)
• Ask the user each time (not very efficient)

10
Proxy Certificates

• X.509 Proxy Certificates allows a user to assign
  dynamically a new X.509 certificate to an entity
  and then delegate some subset of its rights to
  this entity

11
How does it work?

• Create a new public and private key set for the
  proxy sign it with your long term private key
  instead of sending it to sign by CA
• Containing the new proxys public key
• Singed by the proxys owner
• Create a (limited lifetime) certificate

12
Dynamic creation management of overlaid trust
domains

• Overlaid trust domains
• Proxy Certificates Users can create trust
  domains by issuing proxy certificates to any
  service they wish to collaborate.
• Simple solution doesnt work when get complicated.

13
Community Authorization Service

• Community Authorization Service in GSI
• Authorization Service GSI supports the notion of
  local policy enforced locally (User Certificate
  -gt Unix account)

14
Why do we need CAS?

• Scalability The cost of administering a VO
  shouldnt increase with the number of resource
  providers in the VO
• Flexibility Expressibility Difficulty in
  bookkeeping (this community should use of the
  resource)
• Policy Hierarchy Each institute can introduce
  new policies. ( Consistency between IP VO LP)

15
Community Authorization Service

• Basically allow resource owners to grant access
  to blocks of resources to a community as a whole
  and let the community itself manage memberships
  and fine-grained access control policies while
  remaining in full power of the resource.

16

• A CAS server is initiated for a community
• Resource providers grant privileges to the CAS
• User first contacts the CAS server before
  contacting the resource
• The CAS server delegates rights / assertion to
  the user according to access control policies or
  simply the role of the user within the community
• - Rights / Assertion / Capabilities user
  presents these to the resource to gain access
• Resource evaluates the
• resource policy assertions
• and grants access / declines

17
Extensions made in GSI

• Restricted Proxy Credentials
• Grant new proxies with restricted rights
• Policy Language
• Neutral can support different policy languages
• Libraries and APIs
• Policy evaluation API and library

18
Problems with the CAS

• Bottleneck
• The CAS can be the bottleneck.
• Restricted Proxy Certificates
• An entity can change its rights
• Compromised CAS server
• Can issue wrong certificates
• Compromised Resource server
• Steal community data, Steal user identity
• Revocation mechanism
• Act like the user if compromised

19
GT3 Security model for OGSA

• The Open Grid Services Architecture (OGSA)
  represents a set of technical specification
  towards a Grid system architecture based on Web
  services
• Web Services allow software components to be
  defined in terms of access methods, bindings of
  these methods to specific communication
  mechanisms, and mechanisms for discovering
  relevant services.
• For Example
• SOAP
• WSDL

20
Main Goal

• GT3s security model seeks to allow applications
  and users to operate on the Grid in as seamless
  and automated a manner as possible.

21
Features of OGSA and Web Services

• The features that are implemented in GT3
• Security as Services (located and used)
• Hosting Environment (pass the security
  implementation to the environment)
• Publishing of Security Policy (publish security
  mechanisms needed)
• Specified format for Security Tokens (token
  interoperability)

22
Security as Services

• OGSA security model casts security functions as
  services where an application can outsource its
  security functionality using well defined
  protocols and interfaces offered by these
  services.
• Credential processing service
• Authorization service
• Credential Conversion service
• Identity Mapping service
• Audit

23
Hosting Environment

• Such as JAVA and .NET provide a high level of
  functionality to the applications helping them
  reduce the complexity and place it into the
  hosting environment.

24
Publishing of Security Policy

• Find a common set of security mechanisms that
  both parties understand
• For an application to start using the security as
  a service and hosting environment features it
  needs to know what mechanisms are acceptable by
  that service
• Publish your security policy interface
  specification as WSDL documents using WS-Policy
  specification
• Acceptable trust roots
• Token formats
• And other security parameters

25
Specified Format for Security Tokens

• WS-Security, WSSecureConversation, and WS-Trust
  specifications contain conventions and formats
  for the communication of various mechanism
  specific tokens inside SOAP envelopes.

26
(No Transcript)
27
GT3 Security Implementation

• Advantages over GT2
• Use of WS-Security protocols and standards
  (Seamless integration for future)
• Tight least-privilege model (For security)

28
Use of Web Services Security and Protocol

• GT3 uses Web services for transportation and
  manipulations of security related messages.
• Stateful (SOAP XML-Signatures)
• Stateless (XML-Signatures)

29
Tight Least-Privilege Model

• Least privilege is a well-known principle in
  computer security that states that each entity
  should only have the minimal privilege needed to
  accomplish its assigned role and no more.
• No privileged services.
• Minimal privileged code.

30
GT3 GRAM Implementation

• GRAM is one of the most important services in the
  GT3 from a security perspective, that basically
  allows a remote client to instantiate a
  communication and use this connection in a secure
  way to access and monitor a remote job in a
  remote resource.
• Managed Job Service
• Master Managed Job Factory Service

31
(No Transcript)
32
Conclusions

• Security is a hard task to achieve in Grid
  Systems mainly because of the distinct
  characteristic of the grid environment
• Community authorization servers helps to overcome
  the administration overhead of virtual
  organizations
• Web Services is a really important development
  which helped security in grid systems and will
  have more use in future

33
Questions?